What Does "Vault 7" Say? Wikileaks Released Claims About CIA Surveillance
Since the end of the election season, Wikileaks hasn't been in the news very much, beyond coverage of the Trump administration's alleged ties to the Russian government. After releasing tens of thousands of emails hacked and stolen from Clinton campaign director John Podesta late in the race, the organization wasn't generating many headlines for its disclosures. But that changed in a big way this week: if you're wondering what Wikileaks' "Vault 7" is right now, rest assured, because you're hardly alone.
If you're curious to see the documents for yourself, you can do so by visiting the Wikileaks website ― like everything they release, it's all immediately available for public consumption. And while the contents of the leaks may seem opaque to a casual observer, the basic upshot is that they've allegedly exposed the CIA's methods for hacking and performing surveillance with smartphones and mobile devices, including allegedly cracking into messaging apps widely understood to be secure, like Signal and WhatsApp. There are even allegations of surveillance performed through smart TVs.
These claims have not been independently confirmed by major news outlets as of yet, and as such should be taken as allegations until the documents are proven either authentic or fake. CIA spokesman Dean Boyd told the New York Times, “We do not comment on the authenticity or content of purported intelligence documents.” And when CBS News reached out to Sean Spicer for comment, he declined.
As the Australian Broadcasting Corporation (ABC) details, the leaks also allege that the CIA deliberately withheld information about security flaws in iOS and Android devices from Apple, Samsung, and Google, preventing the companies from discovering and patching the weaknesses so that the agency could exploit them for their own surveillance ends. Again, it's unclear whether or not these allegations are true.
The CIA/Wikileaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption.— Open Whisper Systems (@whispersystems) March 7, 2017
Ubiquitous e2e encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks.— Open Whisper Systems (@whispersystems) March 7, 2017
On the matter of encrypted messaging apps, Open Whisper Systems, the organization behind Signal, has responded to the contents of the Wikileaks dump on Twitter. The company says the exploits identified in the Wikileaks documents are not problems with their app or its end-to-end encryption, but rather with malware getting into the phones or devices themselves. To the contrary, Open Whisper Systems insists that the efforts of the CIA to work around encrypted messaging apps is a testament to their strength, not weakness.
That's a point that's also been echoed extensively by Zeynep Tufekci, an associate professor at the University of North Carolina's School of Information and Library Science, and a writer for The New York Times who frequently discusses matters of cyber-security.
Another good thread & great expert. Encryption (Signal, WhatsApp) works; but keeping your phone secure is crucial. https://t.co/DMRWr9njrV— Zeynep Tufekci (@zeynep) March 7, 2017
In short, it's unclear just yet how much impact the leaks will have ― some outlets have represented this as being a bigger disclosure than the Snowden revelations, which from a position of healthy skepticism and restraint seems like a dramatic claim that shouldn't be made until the latest documents are more fully reviewed and comprehensively understood. And it's important to seek out views from cyber-security experts, too, rather than only strict journalists. That said, it's impossible to deny that the story has landed with a startling and seismic impact, which means you're likely to hear a lot more about it in the weeks and months to come.